Apache 1.3 + PHP 4.x + SSL

Folks,

I've never implemented a secure server before - and I now have a project
for it - It will be an Apache 1.3 environment tuned with PHP and MySQL
- and I'd appreciate any comments/advice/note from folk who have done
similar. I have my application working fine in a non-SSL environment
and believe the switch-over should not be too difficult. But...

Can someone confirm the following:

My LAMP (Linux, Apache, MySQL and PHP) sit all on the same server - I
only require SSL between client and server therefore I believe I do not
need to tune PHP/MySQL - true/false?

I have the following modules compiled in my Apache httpd
Compiled-in modules:
http_core.c
mod_vhost_alias.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_include.c
mod_dir.c
mod_cgi.c
mod_actions.c
mod_alias.c
mod_access.c
mod_auth.c
mod_unique_id.c
mod_so.c
mod_setenvif.c
mod_ssl.c
mod_php4.c
suexec: enabled; valid wrapper /opt/apache/bin/suexec

I believe I have everything I need already compiled in - true/false?

Is it sufficient for me just to edit the my httpd.conf file under the
heading 'SSL Virtual Host Context' and tune accordingly?

Since my server sits behind an external firewall, and since the only
services will be ssh and apache listening, would one consider that
reasonably secure? Can anyone recommend any other steps I might consider?

Since Apache/PHP sit on the same server as MySQL I plan on having them
use sockets (pipes?) and not tcp/ip port 3306 - I've not done this
before either but believe it gives added security and performance
benifits - Can anyone offer advice/comments on this?

Help, via the newsgroup for all to learn/share would be greatly appreciated,

Thanks
randelld

Randell D. wrote:

> Folks,
>
> I've never implemented a secure server before - and I now have a project
> for it - It will be an Apache 1.3 environment tuned with PHP and MySQL
> - and I'd appreciate any comments/advice/note from folk who have done
> similar. I have my application working fine in a non-SSL environment
> and believe the switch-over should not be too difficult. But...
>
> Can someone confirm the following:
>
> My LAMP (Linux, Apache, MySQL and PHP) sit all on the same server - I
> only require SSL between client and server therefore I believe I do not
> need to tune PHP/MySQL - true/false?
>
> I have the following modules compiled in my Apache httpd
> Compiled-in modules:
> http_core.c
> mod_vhost_alias.c
> mod_env.c
> mod_log_config.c
> mod_mime.c
> mod_negotiation.c
> mod_include.c
> mod_dir.c
> mod_cgi.c
> mod_actions.c
> mod_alias.c
> mod_access.c
> mod_auth.c
> mod_unique_id.c
> mod_so.c
> mod_setenvif.c
> mod_ssl.c
> mod_php4.c
> suexec: enabled; valid wrapper /opt/apache/bin/suexec
>
> I believe I have everything I need already compiled in - true/false?
>
> Is it sufficient for me just to edit the my httpd.conf file under the
> heading 'SSL Virtual Host Context' and tune accordingly?
>
> Since my server sits behind an external firewall, and since the only
> services will be ssh and apache listening, would one consider that
> reasonably secure? Can anyone recommend any other steps I might consider?
>
> Since Apache/PHP sit on the same server as MySQL I plan on having them
> use sockets (pipes?) and not tcp/ip port 3306 - I've not done this
> before either but believe it gives added security and performance
> benifits - Can anyone offer advice/comments on this?
>
> Help, via the newsgroup for all to learn/share would be greatly
> appreciated,
>
> Thanks
> randelld


The only "outside" traffic will be between the users browser and Apache
- on port 443. The "conersations" between Apache, PHP and Mysql should
all be internal to the system. You just have to make sure your pages
are all redirected to port 443. (https).

Michael Austin.

Michael Austin wrote:
> Randell D. wrote:
>
>> Folks,
>>
>> I've never implemented a secure server before - and I now have a
>> project for it - It will be an Apache 1.3 environment tuned with PHP
>> and MySQL - and I'd appreciate any comments/advice/note from folk who
>> have done similar. I have my application working fine in a non-SSL
>> environment and believe the switch-over should not be too difficult.
>> But...
>>
>> Can someone confirm the following:
>>
>> My LAMP (Linux, Apache, MySQL and PHP) sit all on the same server - I
>> only require SSL between client and server therefore I believe I do
>> not need to tune PHP/MySQL - true/false?
>>
>> I have the following modules compiled in my Apache httpd
>> Compiled-in modules:
>> http_core.c
>> mod_vhost_alias.c
>> mod_env.c
>> mod_log_config.c
>> mod_mime.c
>> mod_negotiation.c
>> mod_include.c
>> mod_dir.c
>> mod_cgi.c
>> mod_actions.c
>> mod_alias.c
>> mod_access.c
>> mod_auth.c
>> mod_unique_id.c
>> mod_so.c
>> mod_setenvif.c
>> mod_ssl.c
>> mod_php4.c
>> suexec: enabled; valid wrapper /opt/apache/bin/suexec
>>
>> I believe I have everything I need already compiled in - true/false?
>>
>> Is it sufficient for me just to edit the my httpd.conf file under the
>> heading 'SSL Virtual Host Context' and tune accordingly?
>>
>> Since my server sits behind an external firewall, and since the only
>> services will be ssh and apache listening, would one consider that
>> reasonably secure? Can anyone recommend any other steps I might consider?
>>
>> Since Apache/PHP sit on the same server as MySQL I plan on having them
>> use sockets (pipes?) and not tcp/ip port 3306 - I've not done this
>> before either but believe it gives added security and performance
>> benifits - Can anyone offer advice/comments on this?
>>
>> Help, via the newsgroup for all to learn/share would be greatly
>> appreciated,
>>
>> Thanks
>> randelld
>
>
>
> The only "outside" traffic will be between the users browser and Apache
> - on port 443. The "conersations" between Apache, PHP and Mysql should
> all be internal to the system. You just have to make sure your pages
> are all redirected to port 443. (https).
>
> Michael Austin.

Thanks